Radial data visualization system

ABSTRACT

A computer-implemented method for interactive visualization of a risk assessment for an entity on a graphical user interface of a computer system includes receiving, by the computer system, unstructured risk data associated with an entity, parsing, by the computer system, the unstructured risk data to produce risk information elements during a time period, combining, by the computer system, the risk information elements that comprise a single event, categorizing, by the computer system, each event in a category, generating, by a computer processor, a risk assessment for the entity from the categorized events for each time period, and displaying, on the graphical user interface, the risk assessments for each time period on a risk timeline that includes a timeline and a numerical risk scale.

TECHNICAL FIELD

The present disclosure relates to a system and method for assessing riskand more particularly, to systems and methods of risk visualization.

BACKGROUND

Current security threat assessment and fraud detection programs aremoving towards a risk-based approach to ensure that entitlementprograms, infrastructures, data, and systems are protected from improperuse or criminal activity. This risk-based approach requires asignificant amount of automation of the threat assessment and frauddetection process and a solid quality assurance process that tracks thequality of a risk assessment process.

However, current risk assessment processes present several majorchallenges. Unstructured data sources used in the assessment process arehard to convert into a format suitable for an automated assessment.Additionally, non-standard data vocabulary and complicated datasemantics are difficult to use by traditional systems such as rule-basedengines. Given these challenges, much of the risk assessment processesare manually operated, accuracy rates are less than optimal, andtherefore the likelihood of fraud, criminal activity, and other types ofrisk, increase.

SUMMARY

Embodiments of the present disclosure provide an automated accurate riskassessment process. Additional features and utilities are set forthand/or are obvious from the description provided below.

One or more embodiments of the present disclosure are related to asystem or a method of assessing risk using a computer. According to oneaspect, a computer-based system of assessing risks includes anenrollment module to receive, at a computer, personal informationregarding at least one entity, a data aggregation module to receive, atthe computer, risk information regarding the at least one entityaccording to the personal information from at least one data source, arisk assessment module to automatically convert the risk information toassessment information, and a memory to store the personal information,the risk information, and/or the assessment information on the computer.

According to another aspect, a method of assessing risks using acomputer includes receiving personal information regarding at least oneentity at the computer, gathering risk information regarding the atleast one entity according to the personal information from at least onedata source, automatically converting the risk information to assessmentinformation, and storing the personal information, the risk information,and/or the assessment information in a memory on the computer.

According to another aspect, a computer-readable recording mediumcontaining computer-readable codes provides commands for computers toexecute a process including receiving personal information regarding atleast one entity at the computer, gathering risk information regardingthe at least one entity according to the personal information from atleast one data source, automatically converting the risk information toassessment information, and storing the personal information, the riskinformation, and/or the assessment information in a memory on thecomputer.

The system, method and/or computer-readable recording medium may includeone or more of the following features. The risk information may includecriminal history, civil history, terrorist watch lists, trafficviolations, loan or debt delinquencies, outstanding wants or warrants,academic disciplinary history, and/or immigration status. In anotherembodiment, the risk information includes infraction information,punishment information, and disposition information that correspond tothe personal information of the at least one entity.

The infraction information, punishment information, and dispositioninformation may be automatically converted to standardized codes byassigning numerical values including an infraction code that correspondsto the infraction information, a punishment code that corresponds to thepunishment information, and a disposition code that corresponds to thedisposition information.

An adjudication module may be used to determine a level of riskcorresponding to the at least one entity according to the assessmentinformation. The level of risk corresponding to the at least one entitymay be determined according to adjudication parameters received by theadjudication module. The adjudication parameters may be received from auser and input into the computer or received from a client over anetwork.

The standardized infraction code may be derived from infractioninformation by pre-processing the infraction information and using apredictive model to classify the infraction information into theinfraction code along with a confidence factor for the classification.The standardized punishment code may be derived from punishmentinformation by pre-processing the punishment information and using thepredictive model to classify the punishment information into thepunishment code along with a confidence factor for the classification.The standardized disposition code may be derived from dispositioninformation by pre-processing the disposition information and using thepredictive model to classify the disposition information into thedisposition code along with a confidence factor for the classification.

As another feature, pre-processing of the infraction information, thepunishment information, and/or the disposition information may beperformed. For example, a number of text-string substitutions may beperformed to normalize the language of the infraction information, thepunishment information, and/or the disposition information. Unnecessarytext may be removed from the infraction information, the punishmentinformation, and/or the disposition information. In addition, specificphrases may be created that are based on the proximity of two or morewords.

In one embodiment, the predictive model is a statistical patternlearning model which is trained to predict classifications by usingexamples of text already classified.

One or more embodiments of the present disclosure are related to asystem or a method of determining an entity's identity and assessingrisks related to the entity's identity. According to one aspect, acomputer-based system of determining an entity's identity and assessingrisks related to the entity's identity includes a tracking module torecord encounters of the entity with the computer-based system and togenerate encounter information relating to the recorded encounters, aninformation module to gather biographic information and biometricinformation relating to the entity's identity and to detect changes inthe biographic information and the biometric information based onpreviously recorded encounters, a risk assessment module to evaluaterisks associated with the entity according to the previously recordedencounters and assessment parameters, and a memory to store thebiographic information and the biometric information, the detectedchanges in the biographic information and the biometric information, andthe encounter information.

According to another aspect, a method of determining an entity'sidentity and assessing risks related to the entity's identity using acomputer including gathering biographic information and biometricinformation relating to the entity's identity during a first encounter,recording encounter information regarding the first encounter, detectingchanges in the biographic information and the biometric information bycomparing the biographic information and the biometric information fromthe first encounter with second biographic information and biometricinformation from a second encounter, determining risks associated withthe entity according to the encounter information and assessmentparameters, and storing the first biographic information and biometricinformation, the encounter information, and the second biographicinformation and the biometric information in a memory on the computer.

According to another aspect, a computer-readable recording mediumcontaining computer-readable codes provides commands for computers toexecute a process including gathering biographic information andbiometric information relating to an entity's identity during a firstencounter, recording encounter information regarding the firstencounter, detecting changes in the biographic information and thebiometric information from the first encounter with second biographicinformation and biometric information from a second encounter,determining risks associated with the entity according to the encounterinformation and assessment parameters, and determining the identity ofthe entity according to the first and second biographic information andthe biometric information, the encounter information, and the determinedrisks associated with the entity.

In one general aspect, a method of risk assessment for an entityincludes converting one or more element of risk information into acharacter string and combining the character string of each element ofrisk information into a continuous character string to produce asignature containing the risk information for the entity.

The method may include one or more of the following or above features.For example, the risk information may be parsed to produce the one ormore element of risk information. As another example, the characterstring may include a numeric code such that converting one or moreelement of risk information into a character string comprises convertingone or more element of risk information into a numeric code.

The risk information may be, for example, a criminal history recordwhich may be separated into arrest cycles. Each arrest cycle is parsedto produce one or more field that includes risk data. The risk data isparsed and/or translated into fields that include an offense code,severity code and disposition code.

The method may also include obtaining risk information about the entityand normalizing the risk information to produce risk data in a commonformat. In this embodiment, the normalized risk data is converted intoone or more character string or numeric code.

The signature can be compared to another signature for the same entity.For example, a signature for the entity produced at a first time can becompared to a signature produced at a second time. The signaturecomparison can detect and identify any changes so that any differencesbetween in the risk profile of an entity can be easily detected andreported by a reviewer, who may be a case manager, screening manager orother authorized reviewer. Another signature comparison may be performedby obtaining risk information from the same time period but fromdifferent sources of risk information.

As another feature, the detected changes in signatures can becategorized according to a level of importance. For example, thedetected change may be categorized as being of low, medium or highimportance. In another embodiment, the detected changes are assigned anumeric value and or may be color coded on a visual report.

Once a level of importance is established it can be compared to athreshold to determine if further action is warranted. For example, thechange in signatures may identify a minor motor violation that occurredin which case the reviewer may not be prompted to take further action.On the other hand, the change could identify a felony conviction or anoutstanding warrant that exceeds a risk threshold in which case thereviewer would be prompted to initiate or perform an immediate follow-upinvestigation.

A signature comparison may be performed based on a variety ofcircumstances. For example, a policy may establish a periodic update orscheduled risk assessment. In that case, the system requests updatedrisk assessment information from a source of risk information. Asanother example, the signature comparison is performed any time that newinformation is provided from the source of risk information (alsoreferred to as a data push). In some cases, the entity may voluntarilyprovide updated risk information and a signature comparison may bewarranted.

The signature may be encrypted to address security and privacy concerns.Once the signature is encrypted it may be stored to perform futurecomparisons in which case it would be decrypted.

In another general aspect, computer-based system for assessing a changein a risk level includes a data aggregation module to receive, at acomputer, biographic information regarding at least one entity andreceive, at the computer, risk information regarding the at least oneentity according to the personal information from at least one datasource, a parsing module to separate the risk information into one ormore element of risk information, a signature module combine the one ormore element of risk information into a continuous character string toproduce a signature containing the risk information for the entity, astorage device to store the signature and a second signature producedduring a different time period, a comparison module to compare thesignature to the second signature and to categorize differences betweenthe signature and the second signature as being of low, medium or highimportance, and a reporting module to produce a report of the signaturecomparison when the differences between the signature and the secondsignature are categorized as high importance.

In still another general aspect, computer-readable recording mediumcontaining computer-readable codes providing commands for computers toexecute a process includes retrieving, from one or more data source,biographic information and a criminal history report for an entity,normalizing the criminal history report to produce a normalized reportin a common format, separating the normalized report into one or morearrest cycle, parsing each arrest cycle to produce separate fields ofrisk information for each arrest cycle, converting the separate fieldsof risk information into a set of coded values for each arrest cycle,combining the coded values for each arrest cycle into a characterstring, and aggregating the biographic information and the characterstring for each arrest cycle into a risk signature for the entity.

The risk assessment may be performed by one or more of issue flagging,categorization or ranking. The issue flagging risk evaluation identifiespotential issues related to an entity that can impact the level of risk.These issues are generalized to represent specific potential concerns,such as reliability, trustworthiness, program eligibility, etc. Thereare multiple configurations available for issue flagging, which isdescribed below:

-   -   ***1. Number of Decision Tree hierarchy levels—enables the        screener to define the drill-in depth (number of levels of        drill-in) for decision tree. Each level “rolls-up” to the next        higher level by aggregating the number of potential issues        related to the lower levels;    -   2. Number of Guidelines\Disqualifying Conditions, per risk        hierarchy level—this enables the screener to define the number        of risk factors that contribute to the “roll-up” to the next        higher level of risk. It also allows for adding descriptions of        “Concern” and “Description” to define each of these;    -   3. Weight of each Guideline\Disqualifying Condition, per risk        hierarchy level—enables the customer to define the relative        importance of each of the contributing factors. For instance, a        specific risk type may have three contributing risk factors, but        that they may be configured to weight their contribution to the        higher level risk (60/20/20; 60/30/10; 30/30/30; etc.);    -   4. Mitigating Factors—enable customer to define a list of        factors that can mitigate a known issue so that it is cancelled        out; and    -   5. Data Assessment Rules—enables customer to define specific        data conditions that result in an impact to the lowest level        risk factors. The lack of the specific data condition may mean        there is no contribution to the risk assessment for this factor.    -   Customers use Issue Flagging to assess risk in a variety of        contexts and some examples are provided below.

Issue flagging can be used by government security offices to flagpotential issues related to granting a security clearance where theseissues are reviewed by trained adjudication staff to assess eligibilityfor a security clearance. For example, the Issue Types may be Allegianceto US Government, Criminality, etc. The adjudication staff can beprovided with risk evaluation rules such that if the applicant hascriminal history, then an Issue is created for the applicant to flag thecriminal history rap sheet. As another example, Transportation SecurityAdministration (TSA) may flag potential eligibility issues that arereviewed by trained adjudication staff to assess eligibility forparticipation on Government Credentialing Programs. In this case, theIssue Types may include: Immigration Status, Criminality, MentalStability, etc. The adjudication staff can be provided with riskevaluation rules such that if the applicant has criminal history, thenan Issue is created for the applicant to flag the criminal history rapsheet.

The Ranking risk evaluation type determines a numerical value (score) toassociate with an entity. There are multiple configurations availablefor Ranking, which are described below:

-   -   1. Number of risk hierarchy levels—enables the screener to        define the drill-in depth (number of levels of drill-in) for a        risk assessment. Each level “rolls-up” to the next higher level        by aggregating the contributing risk factors into a higher level        risk concept;    -   2. Number of risk contributions, per risk hierarchy        level—enables the screener to define the number of risk factors        that contribute to the “roll-up” to the next higher level of        risk;    -   3. Weight of each risk contribution, per risk hierarchy        level—enables the screener to define the relative importance of        each of the contributing factors. For instance, a specific risk        type may have three contributing risk factors, but that they may        be configured to weight their contribution to a higher level        risk (60/20/20; 60/30/10; 30/30/30; etc.);    -   4. Data Assessment Rules—enables customer to define specific        data conditions that result in an impact to the lowest level        risk factors. Lack of the specific data condition may mean there        is not contribution to the risk assessment for this factor.    -   Ranking can be used to assess risk in a variety of contexts. For        example, traveler pre-screening may assign a numerical risk        value to each entity to be used to assess travel eligibility.        The Risk Rank Range may be 0-100. The system may be provided        with certain Risk Evaluation Rules:    -   1. If potential match to Denied Persons List (watch list), then        add 50 points to the Disqualifying Condition “Person is on        Denied Person List;    -   2. If rejected match to Denied Persons List (watch list), then        subtract 40 points from the Disqualifying Condition “Person is        on Denied Person List”; and    -   3. If confirmed match to Denied Persons List (watch list), then        add 100 points to the Disqualifying Condition “Person is on        Denied Person List.

Based on the Risk Evaluation Rules and the information available from aMaster Identity Hierarchy, the person is given a risk score from 0-100and any traveler with a rank of 100 or more is automatically deniedtravel privileges.

As another example, Ranking may be used by private industry employers toevaluate employment risk. A Risk Rank Range is established from 0-10.The system applies the following Risk Evaluation Rules:

If criminal history includes 1-2 violent criminal offenses, then add 3points to the “Propensity for Violence” category;

If criminal history includes >3 violent criminal offenses, then add 6points to the “Propensity for Violence” category;

If human resources incident includes “threat of violence”, then add 5points to the “Propensity for Violence” category; and

If human resources incident includes “physical harassment”, then add 8points to the “Propensity for Violence” category.

Potential employees are rank ordered from 0-10 and any applicant thatreceives a rank of 10 or more may be automatically rejected from theapplicant pool.

In still another general aspect, a computer-implemented method forinteractive visualization of a risk assessment for an entity on agraphical user interface of a computer system includes receiving, by thecomputer system, unstructured risk data associated with an entity fromone or more source, parsing, by the computer system, the unstructuredrisk data to produce one or more risk information element during a timeperiod, combining, by the computer system, each risk information elementthat comprises a single event, categorizing, by the computer system,each event in a category, generating, by a computer processor, one ormore risk assessment for the entity from the one or more categorizedevent for each time period, displaying, on the graphical user interface,the one or more risk assessment for each time period on a risk timelinethat includes a timeline and a numerical risk scale.

Embodiments may include one or more of the above or following features.For example the risk assessment may be displayed as shapes such asvertical columns or circular rings. Each event and category in a timeperiod may be displayed as segments or sectors of the vertical columnsor circular rings.

The user may be prompted or may have an option to display the verticalcolumns or circular rings.

The risk assessment may include a risk score that is generated byassigning a numerical value to each event and the appearance of the riskassessment may change based on the numerical value. A risk score for atime period may include the numerical value of each event in the timeperiod. The risk score for the time period may be represented as a nodeon the risk timeline. The nodes may be connected by a reference line onthe risk timeline.\

The user may decide to position a cursor or mouse over a node or mayselect a node in order to get a more detailed view of the riskassessment for that time period. For example, the risk assessment may bedisplayed by vertical columns or concentric rings that represent thecategories and events.

In a further general aspect, one or more storage devices storinginstructions that are executable on a computer system to performoperations include receive, by the computer system, unstructured riskdata associated with an entity from one or more source, parse, by aprocessor, the unstructured risk data to produce risk informationelements that comprise an event, assign a numerical value to each event,generate, by the processor, one or more risk assessment with a riskscore that includes the numerical value of each event during a timeperiod, display, on a graphical user interface, the one or more riskassessment with the risk score on a risk timeline that includes atimeline and a numerical risk scale.

Each event may be assigned to a category, and the events and categoriescorresponding to each time period may be displayed and a more detailedview of the time period may be selected by a user.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings are meant to illustrate certain principles of the inventionand are not therefore to be considered to limit its scope. Theabove-mentioned features and objects of the present disclosure willbecome more apparent with reference to the following description takenin conjunction with the accompanying drawings wherein like referencenumerals denote like elements in which:

FIG. 1 is a block diagram illustrating a computer system to assess riskaccording to one or more embodiments of the present disclosure.

FIG. 2 is a flow chart illustrating a method of assessing risk accordingto one or more embodiments of the present disclosure.

FIG. 3A is a flow chart illustrating a method of gathering riskinformation according to one or more embodiments of the presentdisclosure.

FIG. 3B is a flow chart illustrating a method of converting riskinformation to assessment information according to one or moreembodiments of the present disclosure.

FIG. 4 is flow chart illustrating a method of determining a level ofrisk according to one or more embodiments of the present disclosure.

FIG. 5 is a flow chart illustrating the creation of a predictive modelfrom which the algorithm is developed.

FIG. 6 is a block diagram illustrating a computer system to determine anentity's identity and assess risks related to the entity's identityaccording to one or more embodiments of the present disclosure.

FIG. 7 is a flow chart illustrating a method of determining an entity'sidentity and assessing risks related to the entity's identity accordingto one or more embodiments of the present disclosure.

FIG. 8 is a flow chart illustrating a method of measuring a change inrisk of an entity.

FIGS. 9A and 9B show method of performing periodic risk evaluations.

FIG. 10 shows a ranking system for measuring risk.

FIG. 11 illustrates a method of generating and compare risk signatures.

FIG. 12 is a block diagram illustrating a computer system to produce andcompare risk signatures.

FIGS. 13-22 are a screen shots viewable by a screening assessmentmanager.

FIGS. 23-25 illustrate the components of a radial visualization diagram.

FIGS. 26A-26E illustrates data that is mapped to a Master IdentityHierarchy.

FIGS. 27A and 27B illustrate visualization of source documents.

FIGS. 28, 29A-29B, and 30A-30E illustrate multiple risk assessmentvisualizations.

FIGS. 31A-31B illustrate risk assessment visualizations with link andchord diagrams.

DETAILED DESCRIPTION

Examples are provided in the information below and are illustrated inthe accompanying drawings. For ease of reference, like numerals refer tolike elements throughout the specification and the drawings. Theembodiments are described below so as to explain the present disclosureby referring to the figures. Repetitive descriptions with respect tolike elements of different exemplary embodiments may be omitted for theconvenience of clarity.

Embodiments of the present disclosure provide an automated accurate riskassessment process. The present disclosure addresses major challengesregarding risk assessment, such as: unstructured data sources which arehard to convert into a format conducive to an automated assessment;non-standard data vocabulary and complicated data semantics which makethe interpretations of the data by computer systems difficult; andcomplex and changing program policies which require computer systems toadapt to rapid policy changes.

The present disclosure provides systems and methods of assessing riskusing a computer. According to one embodiment, a computer-based system100 is provided for assessing risks. As illustrated in FIG. 1, thecomputer-based system 100 includes a computer 110. As discussed above, acomputer 110 can be a server computer. A server computer should beunderstood to refer to a service point which provides processing,database, and communication facilities. By way of example, and notlimitation, the term server can refer to a single, physical processorwith associated communications and/or data storage and/or databasefacilities, or it can refer to a networked or clustered complex ofprocessors and associated network and/or storage devices, as well asoperating software and one or more database systems and/or applicationssoftware systems (which can be implemented as modules and/or engines)which support the services provided by the server.

Several non-limiting examples of a computer 110 are a personal computer(e.g., desktop computers or laptop computers), personal digitalassistants (PDAs), wireless devices, cellular telephones, internetappliances, media players, home theater systems, media centers, and thelike. The computer 110 may also include a plurality of computersconnected to teach other through a network. For the purposes of thisdisclosure, a computing device includes a processor and memory forstoring and executing program code, data and software, and may beprovided with an operating system that allows the execution of softwareapplications in order to manipulate data. The computer 110 can includeone or more input devices, e.g., keyboard, keypad, mouse, etc. and inputdevice interface, for example: a display, such as a screen or monitor,which can be specified using any of a number of languages, includingwithout limitation, a markup language such as Hypertext Markup Language,scripts, applets and the like.

Additionally, the computer 110 may receive and/or transmit personalinformation, risk information, assessment information, and/oradjudication information from one or more users 170 and/or clients 180through storage media, wired connections, wireless connections, theinternet, Internet, or any other type of communication network usingtransmission control protocol (TCP) and Internet Protocol (IP). Users170 may utilize the computer via an input device, such as a keyboard ora mouse. Clients 180 may be computers connected to computer 110 througha network. For example, the computer 110 may receive or transmit thesetypes of information through a flash memory drive, disc media (i.e., CD,DVD, Blu-Ray), a wired network connection (i.e., the internet), or awireless connection.

The computer 110 may include an enrollment module 120, a dataaggregation module 130, a risk assessment module 140, an adjudicationmodule 190, and a memory 150. The modules are not required to be on asingle computer 110. The modules may each be located on the computer110, or may be located on separate computers connected to the computer110 over a network, such as the Internet. The memory 150 may be a fixeddisk where an operating system, application programs, and/or data may bestored. For the purposes of this disclosure a module is a software,hardware, or firmware (or combinations thereof) system, process orfunctionality, or component thereof, that performs or facilitates theprocesses, features, and/or functions described herein (with or withouthuman interaction or augmentation). A module can include sub-modules.Software components of a module may be stored on a computer readablemedium. Modules may be integral to one or more servers, or be loaded andexecuted by one or more servers. One or more modules may be grouped intoan engine or an application and implemented by at least one processor ofa computing device.

The enrollment module 120 may receive, at the computer, personalinformation regarding at least one entity. As used herein, the term“entity” refers to any person, company, group of people, organization,government entity, and the like, that may pose any kind of risk. Forexample, an entity may be a person, a group of people, an organization,a corporation, a co-operation, an association, a country, a state, acity, a municipality, etc. As used herein, the term “personalinformation” refers to any information that can uniquely identify anentity. For example, if the entity is a single person, personalinformation may include biographic information (e.g., name, address,phone number, social security number, birth date, company's stocksymbol, etc.), biometric information (e.g., fingerprints, facerecognition, DNA, hand and palm geometry, iris recognition, odor/scent,etc.), and the like. Personal information may refer to an single uniqueidentifier, such as a fingerprint, or several pieces of information thatwhen taken together can refer only to a single entity, i.e., a name,birth date, and address. Additionally, personal information may refer tobiographic information and biometric information.

The data aggregation module 130 may receive, at the computer, riskinformation regarding the entity according to the personal informationfrom at least one data source 160. As used herein, the term “riskinformation” refers to any quantifiable information that may beconsidered as indicative of risk. For example, risk information mayinclude criminal history, civil history, terrorist watch lists, trafficviolations, loan or debt delinquencies, outstanding wants or warrants,academic disciplinary history, and/or immigration status. Riskinformation may also include accusations relating to the previouslymentioned types of risks. For example, a security company may want toknow whether potential employees have a criminal record. In thisexample, risk information would include any information that relates tothe criminal history of a job applicant. In another example, the federalgovernment may want to know what health care companies have unacceptablyhigh levels of fraud, or accusations of fraud, relating to insuranceclaims. In this example, risk information may include any informationthat relates to fraud claims or accusations relating to the health carecompanies. In another example, a company may want to know whether acountry poses a risk for investment purposes. In this example, riskinformation may include inflation or deflation rates, debt amount, debtto GDP ratio, interest rates, etc.

For example, the data source 160 may be a database, electronicdocuments, the internet, paper files, and the like. The risk assessmentmodule 140 may convert the risk information to assessment information.The term “assessment information” as used herein refers to riskinformation that has been quantified. For example, if a job applicanthas a criminal background, each criminal charge, disposition, andpunishment may be quantified. The conversion from risk information toassessment information may be manual or automatic. Risk information maybe converted from unstructured data sources using a non-standard datavocabulary and complicated data semantics to assessment informationusing standardized vocabulary and values. The memory 150 may store thepersonal information, the risk information, and/or the assessmentinformation on the computer 110.

According to another embodiment, the system 100 may also include anadjudication module 190 to determine a level of risk corresponding tothe at least one entity according to the assessment information. Theadjudication module 190 may be accessible to a user 170 or a client 180through storage media, wired connections, wireless connections, theinternet, Internet, or any other type of communication network usingtransmission control protocol (TCP) and Internet Protocol (IP). Thecomputer 100 may include the adjudication module 190, or theadjudication module 190 may be on storage media, the internet, flashdrives, external hard drives, and the like.

The risk information may be converted to assessment information using analgorithm. The algorithm may use logical expressions to automaticallyconvert unstructured text into numeric values. The algorithm may bedeveloped in the following manner in a criminal background context.Criminal backgrounds are usually obtained using rap sheets that maycontain information spanning several decades, jurisdictions, states,etc. Each jurisdiction may add information to the rap sheets in anunstructured non-standardized manner. For example, each jurisdiction mayhave a unique way of classifying the same crime, the classifications andcrimes may change over time, there may be typographical errors that arenever fixed, and other various differences or errors that causeinconsistencies in the data.

To develop the algorithm to automatically convert the inconsistent data(risk information) to standardized assessment information, a trainingmodel may be built. FIG. 5 is a flow chart illustrating the creation ofa predictive model from which the algorithm is developed. The predictivemodel may be a statistical pattern learning model which is trained topredict classifications by using examples of text already classified.The predictive model may be built by parsing a number of rap sheetsmanually to extract the following pieces of data: charges, arrest dates,court dates, disposition, sentences, etc (operation 500). This data maythen be analyzed and scored, i.e., standardized to account for anyinconsistencies (operation 510). The scoring may be done by an expert inthe subject matter. In the present example, involving rap sheets, asubject matter expert may be a retired police officer, FBI agent,corrections officer, and the like. The expert may go through rap sheets,line by line, standardizing the unstructured data. The scored data maythen be pre-processed to remove extraneous information from thestandardized data (operation 520). The pre-processing may includereplacing specific words, tokens, or phrase with more text-mindingfriendly words, tokens, and phrases. The rap sheets may be split into atesting set and a training set (operation 530). Logical expressions maybe developed as an analytical model based on the manual scoring andpre-processing of the rap sheets as part of the development of thepredictive model (operation 540). The algorithm may utilize theselogical expressions to convert the risk information to assessmentinformation.

Once the predictive model is developed, new rap sheets may beautomatically processed by the algorithm using the logical expressionsof the predictive model to produce testing data. The predictive modelmay then process new rap sheets to produce testing data to predict theassessment information according to the logical expressions (operation550). The accuracy of the prediction of the assessment information maybe provided to a user based on the predictive model's confidence in theaccuracy of the automatic conversion from risk information to assessmentinformation (operation 560). The accuracy may be provided as aconfidence factor, which refers to the predictive model's confidencethat the automatic version is accurate. The testing data may be manuallyreviewed by the experts to determine the accuracy of the training modeland to adjust the logical expressions to improve accuracy (operation570). The process may return to operations 510 and 520 in order toimprove the accuracy of the predictive model using additional rapsheets. The more testing data the predictive model processes, the moreaccurate the predictions become due to improved logical expressions. Thepredictive model may be part of the risk assessment module 140 and maybe updated to improve the accuracy of the predictive model when the riskassessment module 140 is utilized.

The computer system 100 may be used to assess risk or as a quality checkfor manual risk assessment. Risk information that has been manuallyprocessed for adjudication may be fed into the computer system 100 toautomatically determine the level of risk using the predictive model.The manually generated risk assessment may be compared against theautomatically generated risk assessment. The accuracy level of themanual risk assessment may be determined by this comparison. The personmaking the manual risk assessment may then learn from the differencesbetween the manual risk assessment and the automatic risk assessmentthereby improving the quality of the manual risk assessment.

According to another embodiment, the risk information may include atleast one of the following: infraction information, punishmentinformation, and disposition information. The infraction information,punishment information, and disposition information may all correspondto the personal information of the at least one entity. As used herein,the term “infraction information” refers to any information that may beindicative of risk. As used herein, the term “punishment information”refers to the severity of the infraction. As used herein, the term“disposition information” refers to a resolution of the infractioninformation, such as guilt or innocence. For example, in a criminalsetting, infraction information may correspond to criminal charges thatmay be classified using the National Crime Information Center (NCIC)codes. In this example, punishment information may correspond to theseverity of the charge, i.e., whether the criminal charges constitutemisdemeanors or felonies. Additionally, disposition in a criminalsetting may include whether the charge resolved with a finding ofconvicted, not convicted, or if the resolution is unknown. The riskinformation may include different types of information that correspondto the type of risk. For example, infraction information, punishmentinformation, and disposition information may apply to criminalinformation. Additionally, the risk information may include travelinformation which may include countries visited and dates of thosevisits.

The risk information can include additional information. For example, ina criminal setting the risk information may include whether a person hasserved any jail time, whether any probation is part of the sentence, ifany fines or restitution requirements have been levied, etc. This typeof risk information may be used by the computer 110 to infer dispositioninformation and punishment information. For example, if the person hasserved jail time and punishment information indicates the person wascharged with a felony, but the disposition information is unknown, thecomputer 110 can infer that the person was convicted based on the factthe person served jail time for the felony. Additionally, if the personhas been convicted and fined over $500, but the punishment informationrelating to the severity of the charge is unknown, the computer 110 caninfer that the person was charged with a felony based on the amount ofthe fine.

According to another embodiment, the infraction information, punishmentinformation, and disposition information may be converted tostandardized quantifiable values based on the risk information gatheredfrom the at least one data source 160. The conversion to standardizedquantifiable values may be manual or automatic. The computer 110 mayautomatically convert the infraction information, punishmentinformation, and disposition to standardized quantifiable values usingan algorithm in the risk assessment module 140. The algorithm may bespecifically programmed to correspond to the type of risk information,i.e., criminal history, civil history, terrorist watch lists, trafficviolations, loan or debt delinquencies, outstanding wants or warrants,academic disciplinary history, and/or immigration status. The algorithmmay use logic expressions to convert the risk information to assessmentinformation. For example, a logic expression to convert infractioninformation, in this example a criminal charge, to “SEXUAL_ASSAULT” orNCIC code “11” may be “SEX(UAL)?\s+ASS(UA|AU)LT.” The logic expressionmay include other alternative or potential spellings or phrases thatconvey a similar charge, such as “forcible sexual intercourse.”Additionally, a logic expression may convert punishment information to“FELONY,” “MISDEMEANOR,” or “UNKNOWN.” Additionally, a logic expressionmay convert disposition information to “CONVICTED,” “NOT CONVICTED,” or“UNKNOWN.”

Additionally, punishment information or disposition information may bedetermined according other portions of the risk information. Forexample, the risk information regarding a criminal charge may includejail time, which can be converted into punishment information anddisposition information. In this example, punishment information may bedetermined according to a punishment length. The punishment length maybe converted to standardized format using the following logicexpression: “(DAS?IDAYS?)(?:\s|\p[Punct]|S).” This logical expressionmay be interpreted as: find any substring beginning with the letters“DA” optionally followed by the letter “S” or beginning with the letters“DAY” optionally followed by the letter “S” where following letters mustbe either a “whitespace” character, some punctuation character, or theend of the string. When the text indicating punishment length fallswithin the parameters of the logical expression, the first group ofcharacters is replaced by a standardized code corresponding to apunishment length. The standardized punishment length is then convertedto punishment information. Additionally, if jail time has been served,the disposition information may be inferred as “CONVICTED.”

The computer-based system 100 may assess more than one risk or assessdifferent types of information simultaneously. More than onecomputer-based system 100 may assess one or more risks in tandem withone another. For example, if a risk assessment takes more than one typeof risk information, such as criminal history and immigration status, acomputer-based system 100 may include multiple risk assessment modulesto convert both types of risk information into assessment information.Alternatively, a first computer-based system may process the criminalhistory risk information, and a second computer-based system may processthe immigration status risk information.

According to another embodiment, the assessment information may includea standardized infraction code that corresponds to the infractioninformation, a punishment code that corresponds to the punishmentinformation, and a disposition code that corresponds to the dispositioninformation. According to another embodiment, the assessment informationmay be quantified by assigning numerical values as the standardizedinfraction code, the punishment code, and the disposition code.

For example, in a criminal setting, person A may have been charged with“intimidating a witness.” This infraction information may beautomatically converted to standardized infraction code “THREATS” whichcorresponds to NCIC code 16. If person A faces more than 1 year (365days) in prison for such a criminal charge, the punishment informationmay be automatically converted to standardized punishment code “FELONY.”If person A is found guilty, the disposition information is convertedstandardized disposition code “CONVICTED.” Therefore, in this example,person A has been charged with “intimidating a witness,” faces over 365days in prison, and has been “convicted.” Accordingly, the system 100may automatically convert the infraction information “intimidating awitness” to “THREATS,” the punishment information from “>365 days” to“FELONY” and from “guilty” to “CONVICTED.” Furthermore, the system 100may automatically convert the infraction information from “THREATS” to“16” to correspond to the NCIC code, the punishment information from“FELONY” to “1” as a ternary value, and “CONVICTED” to “2” as a ternaryvalue. Depending on a potential sentence length, the punishmentinformation may be converted to “MISDEMEANOR” or “0,” and if thepunishment information is not clear, the punishment information may beconverted to “UNKNOWN” or “2.” Additionally, if person A is found notguilty, the disposition information may be converted to “NOT CONVICTED”or “1,” and if the disposition information is not clear, the dispositioninformation may be converted to “UNKNOWN” or “0.”

According to another embodiment, the level of risk may correspond to theat least one entity is determined according to adjudication parametersreceived by the adjudication module 190. For example, a client 180 maybe a security company looking to hire a new employee. The client 180 mayassess the risk of job applicants by setting adjudication parameters bywhich to judge the applications. The adjudication parameters may beeasily changeable logical expressions that correspond to thestandardized vocabulary and values of assessment information. Theadjudication parameters can rapidly adapt to complex and frequentlychanging policies of the user 170 or the client 180. The level of riskmay be a threshold where if a job applicant fails to conform to theadjudication parameters set by the client 190, the level of risk isabove the threshold. If a job applicant conforms to the adjudicationparameters set by the client 190, the level of risk is at or below thethreshold. The adjudication parameters may include a period of timeelapsed from when a particular infraction occurred. If the jobapplicants exceed the adjudication parameters the security company iswilling to accept, than the level of risk corresponding to thoseapplicants. Additionally, the level of risk may be quantified accordingto the adjudication parameters. For example, the client 190 may setadjudication parameters where a felony is 10 points and a misdemeanor is5 points. Accordingly, the client 190 may set an acceptable risk levelat 24 points, thus any job applicant whose criminal record totals morethan 25 points exceeds the quantified risk threshold. In this example,risk information that exceeds the risk threshold may be either atemporary or a permanent disqualifying offense. For example, the client190 may determine that, for example, a felony that occurred over 10years ago should not be counted in adjudicating the risk because of thelapse of time since the infraction.

According to another embodiment, the adjudication parameters may bereceived from a user 170 and may be manually input into the computer 110or received from a client 180 over a network. The network include wiredconnections, wireless connections, the internet, Internet, or any othertype of communication network using transmission control protocol (TCP)and Internet Protocol (IP).

FIG. 2 illustrates a method of assessing risks using a computer. Inoperation 200, personal information regarding at least one entity isreceived at the computer. In operation 210, risk information regardingthe at least one entity is gathered according to the personalinformation from at least one data source 160.

The risk information and the personal information are assembled and/orcategorized in a Master Identity Hierarchy. On the highest level,information can be obtained from a variety of sources and mapped to ahierarchy that includes: Identifiers; Fraud; Relationships; Background;Social Media; Utility Services; Licenses; and Assets. The MasterIdentity Hierarchy utilizes categories and sub-categories to storeinformation for later retrieval. For example, the categories mayinclude, but are not limited to the following: Biographic; Biometric;Residence; Communication; Possible SSN & Current Address Fraud Alerts;Possible Device Fraud Alerts; Possible Relatives; Possible Marriages;Possible Divorces; Possible Associates; Neighbors Listings for Subject'sAddresses; Education Associates; and, Business Associates.

Sub-categories for Biographic Information may include: Name, Also KnownAs (AKA), Gender, DOB, POB, SSN, SSN—Year of Issuance, Possible OtherSSNs Associated with Subject, Possible Other Records/Names Associatedwith Subject's SSN, Height, Weight, Hair Color, and Eye Color. FIGS.26A-26E provide a more detailed outline of the categories,sub-categories and descriptive information that is included in theMaster Identity Hierarchy.

Depending on the application, various categories of information may beused or may be deemed not necessary or may be off limits. For example, ahigh level security clearance may require scrutiny of all categories ofinformation. On the other hand, a routine employment screening may beconfigured to prevent access to categories such as Relationships,Political Affiliations and/or Social Media. In operation 220, the riskinformation is converted to assessment information. In operation 230,the personal information, the risk information, and/or the assessmentinformation are stored in a memory 150 on the computer 110. Theconversion of risk information to assessment information may be manualor automatic.

FIG. 3A illustrates a method of gathering of the risk information(operation 210). The gathering of risk information in operation 210 mayinclude obtaining infraction information (operation 310), punishmentinformation (operation 320), and disposition information (operation 330)that correspond to the personal information of the at least one entity.

According to another embodiment, the conversion of the risk informationto assessment information (operation 220) may include converting theinfraction information, punishment information, and dispositioninformation to standardized quantifiable values based on the riskinformation gathered from the at least one data source 160. FIG. 3Billustrates a method of converting risk information to assessmentinformation (operation 220). The conversion of risk information toassessment in operation 220 may include converting the risk informationinto assessment information may include a standardized infraction codethat corresponds to the infraction information (operation 340), apunishment code that corresponds to the punishment information(operation 350), and a disposition code that corresponds to thedisposition information (operation 360).

According to another embodiment, the method may further include storingthe standardized infraction code, the punishment code, and thedisposition code on the computer 110 as numerical values (operation370). According to another embodiment, the risk information may includecriminal history, civil history, terrorist watch lists, trafficviolations, loan or debt delinquencies, outstanding wants or warrants,academic disciplinary history, and/or immigration status.

According to another embodiment, the method may further includedetermining a level of risk (operation 250) corresponding to the atleast one entity according to the assessment information. The riskassessment may be performed by issue flagging, categorization orranking.

Issue flagging identifies potential issues related to an entity that canimpact (positively or negatively) the level of risk. These issues aregeneralized to represent specific potential concerns, such asreliability, trustworthiness, program eligibility, etc.

The categorization risk evaluation type determines which category toassociate an entity with. The ranking risk evaluation type determines anumerical value (score) that is assigned to the entity.

According to another embodiment, the level of risk corresponding to theat least one entity may be determined according to adjudicationparameters. According to another embodiment, the method may furtherinclude receiving the adjudication parameters (operation 240) byinputting the adjudication parameters into the computer 110 or receivingthe adjudication parameters from a client 180 over a network. Theadjudication parameters may be received at the computer 110 before theprocess illustrated in FIG. 2 begins.

According to another embodiment, a method of assessing risks using acomputer 110 is provided. The method includes receiving biographicalinformation (operation 200) regarding at least one person at thecomputer 110. In operation 210, criminal information regarding the atleast one person according to the biographical information is gatheredfrom at least one data source 160, wherein the criminal informationincludes information relating to infractions, punishments for theinfractions, and dispositions of the infractions. In operation 220,criminal information is automatically converted to assessmentinformation, wherein a standardized numerical value is assigned to eachinfraction, a value of misdemeanor or felony is assigned to thepunishment for each infraction, and a value of convicted, not convicted,or unknown is assigned to the disposition of each infraction. Inoperation 230, the biographical information, the criminal information,and the assessment information is stored on the computer 110. Inoperation 250 a level of risk corresponding to the at least one personaccording to the assessment information is determined. FIG. 4illustrates a method of determining a level of risk (operation 250). Inoperation 410, the at least one person is accepted, in operation 420 theat least one person is subjected to further review, and in operation 430the at least one person is rejected based on the level of risk. Withregard to operation 420, the at least one person may be provisionallyrejected based on a felony conviction, however the at least one personmay subsequently be accepted in operation 410 if the felony thatoccurred over 10 years ago and the adjudication parameters do notdisqualify applicants for felony convictions that occurred more than 10years ago.

According to another embodiment, the method of assessing risks can alsobe embodied as computer-readable codes on a computer-readable medium.The computer-readable medium can include a computer-readable recordingmedium and a computer-readable transmission medium. Thecomputer-readable recording medium is any data storage device that canstore data as a program which can be thereafter read by a computersystem. Examples of the computer-readable recording medium includeread-only memory (ROM), random-access memory (RAM), CD-ROMs, Blu-Rays,flash drives, magnetic tapes, floppy disks, and optical data storagedevices. The computer-readable recording medium can also be distributedover network coupled computer systems so that the computer-readable codeis stored and executed in a distributed fashion. Also, functionalprograms, codes, and code segments to accomplish the present disclosurecan be easily construed by programmers skilled in the art to which thepresent disclosure pertains.

EXAMPLES Risk Assessment

The following examples are put forth so as to provide those of ordinaryskill in the art with a complete disclosure and description of how tomake and use the present disclosure, and are not intended to limit thescope of what the inventors regard as their invention.

Example 1 Criminal Risk Assessment

The system of assessing risk may be used to perform the method ofassessing risk in a criminal background check setting. For purposes ofthis example, Company A is a security company looking to hire newemployees. Company A, which corresponds to client 180 in this example,wants to do a background check on the following job applicants Person Aand Person B. Company A sends personal information regarding each of thejob applicants to the computer 110. In this example, Company A sendsPerson A and Person B's names and social security numbers to thecomputer 110. Computer 110 then searches various data sources 160 forpertinent risk information. In this example, the computer 110 gathersCriminal History Record Checks (CHRC) files containing the criminalhistory, or rap sheets, for Person A and Person B that correspond totheir personal information. The rap sheet for Person A includes a chargefor “rape” with a sentence length of “10 yrs” and a disposition of“glty.” The rap sheet for Person B includes a charge for “forciblesexual intercourse” with a sentence length of “3650 days” and adisposition of “G.” The charges on the rap sheets are infractioninformation, the sentence lengths are punishment information, and thedispositions are disposition information.

The computer 110 may run an algorithm in the risk assessment module 140to convert the risk information on the rap sheets of Person A and B toassessment information. With regard to Person A, the infractioninformation “rape” is converted to a standardized infraction code“SEXUAL_ASSAULT” or NCIC code “11,” which corresponds to this charge;the punishment information “10 yrs” is converted to a standardizedpunishment code “FELONY” or “1”; and the disposition information “glty”is converted to a standardized disposition code “CONVICTED” or “2.” Withregard to Person B, the infraction information “forcible sexualintercourse” is converted to a standardized infraction code“SEXUAL_ASSAULT” or NCIC code “11,” which corresponds to this charge;the punishment information “3650 days” is converted to a standardizedpunishment code “FELONY” or “1”; and the disposition information “G” isconverted to a standardized disposition code “CONVICTED” or “2.” Thestandardized infraction code, punishment code, and disposition code arestored on computer 110 as assessment information in either a text format(i.e., “SEXUAL_ASSAULT,” “FELONY,” “CONVICTED) or in a numerical format(i.e., “11,” “1,” “2”).

Company A (client 180) sets adjudication parameters to determine thelevel of risk associated with Persons A and B via an adjudication moduleon the client 180 or the computer 110. For purposes of this example,Company A has set adjudication parameters on the computer 110 before therisk information was gathered. In this example, Company A has determinedthat any job applicant that has been convicted of a felony will beexcluded from being considered for a position with the company. Bothconditions, conviction and that the crime is a felony, need to besatisfied in order for Persons A or B to be excluded from consideration.Therefore, when the computer 110 determines the level of risk based onthe adjudication parameters, the computer 110 finds that the level ofrisk associated with Person A and Person B is above a risk threshold.Therefore, the computer 110 rejects Person A and Person B's jobapplications for Company A. Company A is then informed of the results ofthe risk assessment regarding Person A and Person B. If Person A was notconvicted of a felony, Person A would be accepted as an acceptable risk.If it was unknown as to whether Person A was convicted or not, thenPerson A's application would be subjected to further review.

Example 2 Airport Security Risk Assessment

The system of assessing risk may be used to perform the method ofassessing risk in an airport security setting. For purposes of thisexample, Person A and Person B are trying to board an internationalflight from Europe to the United States. The Airport Security (AS) maysend personal information regarding Persons A and B to the computer 110.In this example, AS sends Person A and Person B's names, social securitynumbers (if applicable), and passport numbers to the computer 110.Computer 110 then searches various data sources 160 for pertinent riskinformation. In this example, the computer 110 gathers Criminal HistoryRecord Checks (CHRC) files containing the criminal history, or rapsheets, for Person A and Person B that correspond to their personalinformation. The computer 110 also gathers files relating to Person Aand B's nationality, immigration status, and travel history. The rapsheet for Person A includes a charge for “carrying a concealed explosiveon an airplane” with a sentence length of “5y” and a disposition of“sentenced.” Person B does not have a rap sheet. Person A is a UnitedStates citizen whose only travel has been to Europe. Person B is aYemeni national who has traveled to Afghanistan and Pakistan in the last12 months.

The computer 110 may run an algorithm in the risk assessment module 140to convert the risk information relating to the criminal history ofPerson A and B to assessment information. With regard to Person A, theinfraction information “carrying a concealed explosive on an airplane”is converted to a standardized infraction code “WEAPON_OFFENSES” or NCICcode “52,” which corresponds to this charge; the punishment information“5y” is converted to a standardized punishment code “FELONY” or “1”; andthe disposition information “sentenced” is converted to a standardizeddisposition code “CONVICTED” or “2.” With regard to Person B, noconversion is necessary since Person B does not have a criminal history.AS sets adjudication parameters to determine the level of riskassociated with Persons A and B via an adjudication module on the client180 or the computer 110. For purposes of this example, AS has setadjudication parameters on the computer 110 before the risk informationwas gathered. In this example, AS has determined that any traveler whohas been convicted of bringing unauthorized weapons on a plane is to beprevented from boarding the plane. AS has also determined that anytraveler who is from Yemen and has visited Afghanistan or Pakistan inthe past year is to be prevented from boarding the flight. When thecomputer 110 determines the level of risk based on the adjudicationparameters, the computer 110 finds that the level of risk associatedwith Person A and Person B is above a risk threshold. Therefore, thecomputer 110 rejects Person A and Person B, and AS is then informed ofthe results of the risk assessment regarding Person A and Person B. ASthen prevents Person A and Person B from boarding the plane.

Example 3 Police Office Application

The system of assessing risk may be used to perform the method ofassessing risk in a criminal background check setting. Police Department(PD), which corresponds to client 180 in this example, wants to do abackground check on the following job applicants: Person A and Person B.The PD sends personal information regarding each of the job applicantsto the computer 110. In this example, Company A sends Person A andPerson B's names and social security numbers to the computer 110.Computer 110 then searches various data sources 160 for pertinent riskinformation. In this example, the computer 110 gathers Criminal HistoryRecord Checks (CHRC) files containing the criminal history, or rapsheets, for Person A and Person B that correspond to their personalinformation. The rap sheet for Person A includes a charge for “rape”with a sentence length of “10 yrs” and a disposition of “afgh.” The rapsheet for Person B includes two charges for “grand theft auto” with asentence length of “days” and a disposition of “con.” The charges on therap sheets are infraction information, the sentence lengths arepunishment information, and the dispositions are dispositioninformation.

The computer 110 may run an algorithm in the risk assessment module 140to convert the risk information on the rap sheets of Person A and B toassessment information. With regard to Person A, the infractioninformation “rape” is converted to a standardized infraction code“SEXUAL_ASSAULT” or NCIC code “11,” which corresponds to this charge;the punishment information “10 yrs” is converted to a standardizedpunishment code “FELONY” or “1”; and the disposition information “afgh”is converted to a standardized disposition code “UNKNOWN” or “0.” Withregard to Person B, the infraction information “grand theft auto” isconverted to a standardized infraction code “STOLEN VEHICLE” or NCICcode “24,” which corresponds to this charge; the punishment information“days” is converted to a standardized punishment code “UNKNOWN” or “2”;and the disposition information “con” is converted to a standardizeddisposition code “CONVICTED” or “2.” The standardized infraction code,punishment code, and disposition code are stored on computer 110 asassessment information in either a text format or in a numerical format.

The PD sets adjudication parameters to determine the level of riskassociated with Persons A and B via an adjudication module on the client180 or the computer 110. For purposes of this example, The PD has setadjudication parameters on the computer 110 before the risk informationwas gathered. In this example, the PD has determined that any jobapplicant that has been convicted of more than one charge of brand theftauto will be excluded from being considered for a position as a policeofficer with a cruiser. Both conditions, conviction and that the crimeis a felony, need to be satisfied in order for Persons A or B to beexcluded from consideration. Therefore, when the computer 110 determinesthe level of risk based on the adjudication parameters, the computer 110finds that the level of risk associated with Person B is above a riskthreshold. Therefore, the computer 110 rejects Person B's jobapplications to be a police officer with a cruiser at the PD. However,Person B may still be able to be accepted for another job in the PD. ThePD is then informed of the results of the risk assessment regardingPerson A and Person B. Person A may be accepted for the job as a policeofficer with police cruiser, and Person B may be accepted for a desk jobwith the PD.

According to another embodiment, a computer-based system 600 is providedfor determining an entity's identity and assessing risks related to theentity's identity. The computer-based system 600 may include a trackingmodule 610, an information module 620, a risk assessment module 630, amemory 640, an identity determination module 660, and/or a web-basedmodule 670. The modules may each be located on a computer or may belocated on separate computers connected via the computer-based system600 over a network, such as the Internet. The memory 640 may be a fixeddisk where an operating system, application programs, and/or data may bestored. The identities of entities 650 may be compiled and stored as adata source 680. The computer-based system 600 may track all processesof the computer-based system in a log that may be stored on the memory640.

As illustrated in FIG. 6, the computer-based system 600 may receiveand/or transmit biographic information and/or biometric information fromone or more entities 650 or data sources 680 through storage media,wired connections, wireless connections, the internet, Internet, or anyother type of communication network using transmission control protocol(TCP) and Internet Protocol (IP). Entities 650 may utilize thecomputer-based system 600 via an input device, such as a keyboard or amouse. Data sources 680 may be computers connected to computer-basedsystem through a network. For example, the computer-based system 600 mayreceive or transmit these types of information through a flash memorydrive, disc media (i.e., CD, DVD, Blu-Ray), a wired network connection(i.e., the internet), or a wireless connection. Multiple computer-basedsystems 600 may be connected to receive or transmit information throughthe above means.

The tracking module 610 may record, at a computer, encounters an entity650 has with the computer-based system 600. As used herein, the term“encounter” refers to any interaction between an entity and thecomputer-based system 600. The tracking module 610 of the computer-basedsystem 600 may record consecutive recurring encounters that may beconstantly triggered by interactions between the entity 650 and thecomputer-based system 600. The tracking module 610 may keep track ofprevious encounters the entity 650 has with more than one computer-basedsystem 600. The tracking module 610 may keep a record of all previousencounters with the entity 650 that may be used to detect patterns ofencounters that may suggest risks, such as potential fraud or securitythreats. When an entity 650 encounters the computer-based system 600,the tracking module 610 may record the encounter and generate encounterinformation regarding the recorded encounter. During each encounter, thetracking module 610 collects personal information relating to the entity650, information relating to the nature of the encounter, andinformation regarding which computer-based system 600 the entity 650encounters. The personal information of the entity 650 may includebiographic information and biometric information relating to the entity650. For example, if the computer-based system 600 is used to verify theidentity or assess the risk associated with an airline passenger (entity650) checking in for a flight, the encounter information may includethat the entity 650 tried to board a plane as well as any details aboutthe entity's interaction with an airport representative. In thisexample, an airport representative (such as a ticketing agent) mayrecord any information about the encounter that may be pertinent toassessing risk or verifying the entity's identity.

The information module 620 may gather, at a computer, biographicinformation and biometric information relating to the entity's 650identity. The information module 620 may receive the biographicinformation and the biometric information from the tracking module 610.The information module 620 may detect changes in the biographicinformation and the biometric information based on previously recordedencounters. Changes in the biographic information and the biometricinformation may be detected by comparing this information in a presentencounter with that of a previous encounter. Any discrepancy betweenthese sets of information between encounters qualifies as a change andis detected by the information module 620. If either the biographicinformation or the biometric information has changed between encounters,the information module 620 generates an event relating to the presentencounter during which change information is detected. As used herein,the term “event” refers to a detection of a change in the biographicinformation or biometric information. An event may be classifiedaccording to the level of importance. The classifications event canrange in seriousness and may be expressed as numerical rankings, colorcoded rankings, termed rankings, etc. The classifications may beexpressed as numerical rankings with a range of 1 through 10, where 1refers to a mild event that is mostly insignificant whereas 10 refers toa serious event that deserves immediate attention. The classificationsmay be expressed as color coded rankings with a range of white to redwhere white refers to a mild event and red refers to a serious event.The classifications may be expressed as termed rankings, such as “mild”referring to a non-serious event and “serious” referring to a seriousevent. For example, if the biographic information of an entity 650includes an address, and the address of the entity 650 has changedbetween encounters, this may result in a ranking of 1 or mild or yellow,depending on how the classifications are expressed.

The risk assessment module 630 may, at a computer, evaluate risksassociated with the entity 650 according to previously recordedencounters and assessment parameters. As used herein, the term“assessment parameters” refers to any information that can be utilizedto assess a risk. The risk assessment module 630 may use discrepanciesbetween previous encounters to evaluate the risks associated with theentity 650. For example, if the biometric information of an entity 650changes between encounters, the risk assessment module 630 may determinethat the entity 650 presents a high risk. The risk assessment module 630may confirm the identity of the entity 650 and assess the riskassociated with the entity 650 whether the identity of the entity 650determined by a present counter matches or does not match that ofprevious encounters. The risk assessment module 630 may determine theentity's 650 propensity for fraud based on the assessment parameters.The assessment parameters may include: configurable business rules,predictive models, debarment lists, etc. Each computer-based system 600may utilize different assessment parameters based on the particulartypes of risks that the computer-based system 600 is targeting. As withthe adjudication parameters of the adjudication module 190, theassessment parameters may be easily changeable logical expressions sothat they can be rapidly adapted or configured according to complex andfrequently changing policies or environments depending on what person ororganization is utilizing the computer-based system 600. The memory 640may store the personal information, the detected changes in the personalinformation, and the encounter information.

The computer-based system 600 may provide fraud and deceit relatedmeasures, such as opening investigations on selective entities 650,suggesting vetting sources that should be consulted (or re-consulted),updating specific data sources 680. The computer-based system 600 maysignal the person or organization utilizing the computer-based system600 to initiate an investigation in to an entity's 650 identity if theinformation module 620 detects changes in the biographic information orthe biometric information based on previously encounters recorded by thetracking module 610. The computer-based system 600 may generate a listof sources for the person or organization utilizing the computer-basedsystem 600 to consult to determine whether the information module 620 isaccurate in detecting a change in the biographic information or thebiometric information of the entity 650. The tracking module 610 may beupdated with new biographic information and/or biometric information ifit is determined that the change in the biographic information and/orthe biometric information is accurate and reflects a change in theentity's 650 personal information without changing the entity's 650identity. For example, the information module 620 may detect a change inbiometric information relating to an entity 650, such as an iris scan. Achange in an entity's 650 iris pattern may or may not be an indicationof identity fraud. If, for example, an entity 650 has had correctivelaser eye surgery, the iris scan of the present encounter may not matchup with an iris scan of a previous encounter. Therefore, uponverification that the identity of the entity 650 has not changed betweenencounters, the iris scan of the entity 650 may be updated so thatfuture encounters use the post-surgery iris scan to detect any changesin the biometric information.

The identity determination module 660 may, at a computer, determine theidentity of the entity 650 according to the biographic information andthe biometric information, the encounter information, and the evaluatedrisks of the risk assessment module 630. If the personal information hasnot changed between encounters, the identity determination module 660may conclude that the entity 650 is who the identity claims to be. Ifthe personal information has been changed between encounters, theidentity determination module 660 may verify that while the personalinformation has changed, the identity of the entity 650 has not.

The web-based module 670 may, at a computer, display encounterinformation, biological information and biometric information, changesin the biological information and the biometric information, theevaluation of the risks, and the determined identity of the entity 650.The web-based module 670 may display these types of information on acomputer through storage media, wired connections, wireless connections,the internet, Internet, or any other type of communication network usingtransmission control protocol (TCP) and Internet Protocol (IP). Theweb-based module 670 may also display a log of events relating to anentity 650 and its interaction with the computer-based system(s) 600.The web-based module 670 may allow a person or organization to searchthrough encounters to find information regarding a particular encounteror a particular entity 650. The web-based module 670 may also allow aperson or organization utilizing the computer-based system 600 to managedebarment lists. For example, a person or organization utilizing thecomputer-based system 600 may add an entity 650 to a debarment listbased on an encounter using the web-based module 670. The web-basedmodule 670 may package all the above information in XML to contain alldetails about a current encounter, previous encounters, and fraudassessments. Once the web-based module 670 packages all the aboveinformation, the encounter of the entity 650 with the computer-basedsystem 600 ends.

FIG. 7 illustrates a method determining an entity's identity andassessing risks related to the entity's identity using a computer. Inoperation 700, personal information, in the form of biographicalinformation and biometric information, relating to the entity's 650identity is gathered during a first encounter. In operation 710,encounter information regarding the first encounter is recorded. Inoperation 720, changes in the biographic information and the biometricinformation are detected by comparing the biographic information and thebiometric information from the first encounter with second biographicinformation and biometric information from a second encounter. Inoperation 730, risks, or a level of risk, associated with the entity aredetermined according to the encounter information and assessmentparameters. The first biographic information and the biometricinformation, the encounter information, and the second biographicinformation and the biometric information may be stored in memory 640(not illustrated).

In operation 740, an event may be generated if the biographicinformation or the biometric information of the second encounter isdifferent from that of the first encounter. The event may be classifiedaccording to a level of importance. After risks associated with theentity are determined in operation 730, the method proceeds to eitheroperation 750 or operation 760. In operation 750, an investigation intoan entity's 650 identity is initiated if changes in the biographicinformation or the biometric information are detected. In operation 760,a list of sources to consult is generated to determine whether thedetected changes in the biographic information or the biometricinformation are accurate. The encounter information may be updated ifthe accuracy of the second biographic information and the biometricinformation has been verified (not illustrated). The determination ofthe risks associated with the entity 650 in operation 730 may includedetermining the entity's 650 propensity for fraud based on theassessment parameters. The assessment parameters may include:configurable business rules, predictive models, debarment lists, etc.Debarment lists include, but are not limited to, tenor watch lists, donot fly lists, sex offender registries, Medicare/Medicaid exclusionlists, and the like.

In operation 770, the identity of the entity 650 may be determinedaccording to the first and second biographic information and thebiometric information, the encounter information, and the determinedrisks associated with the entity 650. In operation 780, the encounterinformation, the first and/or second biological information andbiometric information, the determined risks, and the determined identityof the entity 650 may be displayed using a web-based module.

According to another embodiment, the method of determining an entity'sidentity and assessing risks related to the entity's identity can alsobe embodied as computer-readable codes on a computer-readable medium.The computer-readable medium can include a computer-readable recordingmedium and a computer-readable transmission medium. Thecomputer-readable recording medium is any data storage device that canstore data as a program which can be thereafter read by a computersystem. Examples of the computer-readable recording medium includeread-only memory (ROM), random-access memory (RAM), CD-ROMs, Blu-Rays,flash drives, magnetic tapes, floppy disks, and optical data storagedevices. The computer-readable recording medium can also be distributedover network coupled computer systems so that the computer-readable codeis stored and executed in a distributed fashion. Also, functionalprograms, codes, and code segments to accomplish the present disclosurecan be easily construed by programmers skilled in the art to which thepresent disclosure pertains.

Examples of Biometric/Biographic Risk Assessment

The following examples are put forth so as to provide those of ordinaryskill in the art with a complete disclosure and description of how tomake and use the present disclosure, and are not intended to limit thescope of what the inventors regard as their invention.

Example 4 Debarment Rule Set

The computer-based system 600 may include a rule set regarding adebarment lists where risk associated with an entity 650 may bedetermined according to the debarment list. For example, when an entity650 encounters the computer-based system 600, the computer-based system600 may determine that an entity 650 is on a debarment list andtherefore the entity 650 may be prevented from engaging in a prohibitedactivity. The debarment lists are composed of entities 650 whoseidentities have been confirmed and verified. The computer-based system600 confirms an entity's 650 identity, and then compares the entity's650 identity with the identities included in the debarment lists.

For example, debarment list rules may include the following. When theconfirmed identity of an entity 650 during an encounter can be found onany debarment list, create a negative (red score) risk or fraudassessment result. When the confirmed identity of an entity 650 duringan encounter can be found on a “sexual predator” debarment list, createa negative (red score) risk or fraud assessment result that indicatesfraud. When the confirmed identity of an entity 650 during an encountermatches more than two debarment lists, score the risk or fraudassessment result as a negative (red score). When the confirmed identityof an entity 650 during an encounter matches 1 or 2 debarment lists,score the risk or fraud assessment result as potentially fraudulent(yellow). When the confirmed or unconfirmed identity of an entity 650during an encounter matches any one on a debarment list, the fraudassessment should be potentially fraudulent (yellow).

As illustrated above, the debarment list rules are configurableaccording to the specific needs and goals of the person or organizationutilizing the computer-based system 600.

Example 5 Encounter Rule Set

In this example, two organizations in separate states utilizecomputer-based systems 600 to monitor driver license entitlementsystems. The following rules may be exercised in such a scenario.

When the confirmed identity of an entity 650 during an encounter isfound within previous encounters related to different computer-basedsystems 600, then a negative fraud assessment should be made. When theconfirmed identity of an entity 650 during an encounter is found withinprevious encounters with an overall negative assessment then the overallassessment of the present encounter should also be negative.

As illustrated above, the encounter rules are configurable according tothe specific needs and goals of the people or organizations utilizingthe computer-based systems 600.

Example 6 Identity Mismatch Rule Set

In this example, the computer-based system 600 can generate scores formatching biographic information of an entity 650 to a previousencounter, biometric information of an entity 650 to a previousencounter, etc. The following fraud detection rules may be utilized.

When the matching scores on any of the components of the personalinformation of previous encounters regarding an entity's 650 identitydiffers from the present encounter by more than 40%, the entity's 650identity in the present encounter is flagged as potentially fraudulent(yellow). When the matching scores on any of the components of thepersonal information of previous encounters regarding an entity's 650identity differs from the present encounter by more than 60%, theentity's 650 identity in the present encounter is flagged as definitelyfraudulent (red).

The rules can be developed to be as complicated or as simple as theorganization or person utilizing the computer-based system 600 wishes.For example, take a hypothetical scenario where entity A applies to asecurity-sensitive program that uses both fingerprints and biographicalinformation. The security-sensitive program utilizes a computer-basedsystem (System X) to record entity A's encounter. Since entity A has notencountered system X before, entity A's fingerprints and biographicalinformation are recorded and presumed to be accurate. System X then runsa risk assessment on entity A, and concludes that entity A should bedenied access to the security-sensitive program because of a criminalrecord. Subsequently, entity A reapplies to a similar program, and toavoid rejection, uses his brother, entity B, to encounter thecomputer-based system 600. In this scenario, entity B exactly resemblesentity A in all physical attributes and has been previously approved toaccess the security-sensitive program. Entity A has entity B provideentity A's biographic information and entity B's fingerprints so thatthe criminal background check will come back clean.

In this scenario, the following rule may be utilized to catch theattempted fraud. When the biographic information and the biometricinformation of a entity 650 matches two different entities on thecomputer-based system 600 with a confidence factor greater than 70%, theidentity of entity 650 is flagged as fraudulent (red).

FIG. 8 illustrates a method determining assessing changes in risksrelated to the entity using a computer. In operation 800, personalinformation, in the form of biographical information and biometricinformation, relating to the entity's identity is gathered during afirst encounter. In operation 810, risk information about the entity iscollected from various sources. In operation 820, a risk assessment isperformed to determine a first level of risk based on the riskinformation and assessment parameters. In operation 830, the encounterinformation regarding the first encounter, the risk information and thefirst level of risk are recorded.

In operation 840, new information about the entity is received. The newinformation can be from a second encounter with the entity, such as, forexample, an airport or visa screening. The new information may also bevoluntarily provided by the entity. Alternatively, the system can bedesigned so that it queries sources of risk information on a routine orperiodic basis depending on the preference of the user. In a furtherembodiment, new information can be “pushed” to the system any time therisk information from a source is updated.

In operation 850, the method performs another risk assessment todetermine a second level of risk. The second level of risk takes intoaccount the original risk information along with the updated riskinformation. In operation 860, the first level of risk and second levelof risk are compared to determine if there are any changes in the levelof risk.

In operation 870, the change in the level of risk is quantified. Forexample, the change in the level of risk may be in a numeric formatfrom, for example, 1-10 with 1 as the lowest and 10 as the highestchange in risk information. As another example, the quantification maybe a color coded such as green, yellow or red or a term such a low,moderate or high change in risk profile.

In operation 880, the quantified change in level of risk is used todetermine if further action may be necessary. For example, if the changein risk level is low, the result may be stored in memory with no furtheraction taken. If the change in risk level is moderate, the entity may bereviewed for a renewed security clearance prior to expiration of thecredential.

Table 1 illustrates a criminal history record of an entity. The criminalhistory report is provided in a number of arrest cycles and one of eightarrest cycles is illustrated in Table 1. The criminal history recordincludes biographic information such as name and date of birth and eacharrest cycle identifies the legal jurisdiction, police jurisdiction,arrest date, offense date, criminal charges and the disposition of thecase.

TABLE 1 CRIMINAL HISTORY ARREST 001 OF 008 ARRESTED Apr. 12, 2002 AGENCYCASE NO: nnnn AGENCY: NJ0090400 HARRISON PD HUDSON NAME USED: xxxxxxxxxxx x. DOB USED: nn/nn/nnnn OFFENSE DATE: Apr. 12, 2002 001 CNT2C:12-1B(5) (A) ASSAULT ONPOLICE 001 CNT 2C:20-3A THEFT OF MOVABLEPROPERTY 001 CNT 2C:21-6C CREDIT CARD THEFT 001 CNT 2C:29-2A RESISTINGARREST SUMMONS/WARRANT PROMIS/GAVEL NO: W 20020001220904 DISPOSITIONDATE: Apr. 29, 2002 AGENCY: NJ009041J MUNICIPAL COURT HARRISONDISPOSITION: DISMISSED 001 CNT: 2C:29-2A(1) DEG: RESISTING ARRESTSUMMONS/WARRANT PROMIS/GAVEL NO: W 20020001230904 DISPOSITION DATE: Apr.29, 2002 AGENCY: NJ009041J MUNICIPAL COURT HARRISON DISPOSITION:DISMISSED 001 CNT: 2C:20-3A DEG: THEFT OF MOVABLE PROPERTYSUMMONS/WARRANT PROMIS/GAVEL NO: NO: W 20020001240904 DISPOSITION DATE:Apr. 29, 2002 AGENCY: NJ009041J MUNICIPAL COURT HARRISON DISPOSITION:GUILTY 001 CNT: 2C:12-1A(1) DEG: SIMPLE ASSAULT DISPOSITION: GUILTY 001CNT: 2C:20-7A DEG: RECEIVING STOLEN PROPERTY AGGREGATE SENTENCE DATE:Apr. 29, 2002 COURT: NJ009041J MUNICIPAL COURT HARRISON JAIL TIME CREDIT17D AMOUNT ASSESSED $ 1 028 AGGREGATE RESENTENCE DATE: Apr. 19, 2002COMMITTED IN LIEU OF FEES/FINE COURT: NJ009041J MUNICIPAL COURT HARRISONINCARCERATION: HUDSON CTY JAIL CONFINEMENT 35D AMOUNT ASSESSED $ 0

As mentioned above, each jurisdiction may include information oncriminal history or “rap” sheets in an unstructured non-standardizedmanner. For example, each jurisdiction may have a unique way ofclassifying the same crime, the classifications and crimes may changeover time, there may also be typographical errors that are never fixed,and other various differences or errors that cause inconsistencies inthe data. Thus, predictive analysis may perform text substitutions tonormalize the criminal history.

Table 2 shows parsed results of the first arrest cycle:

TABLE 2 PARSED RESULTS - FIRST ARREST CYCLE <signature><arrestDate>2002/04/10</arrestDate> <courtDate>2002/04/24</courtDate><chargeDescriptionCount>8</chargeDescriptionCount><offenseCode>2300</offenseCode> <severityCode>3</severityCode><dispositionCode>0</dispositionCode> <offenseCode>0</offenseCode><severityCode>3</severityCode> <dispositionCode>3</dispositionCode><offenseCode>1300</offenseCode> <severityCode>3</severityCode><dispositionCode>3</dispositionCode> <offenseCode>4800</offenseCode><severityCode>3</severityCode> <dispositionCode>0</dispositionCode><offenseCode>1300</offenseCode> <severityCode>3</severityCode><dispositionCode>0</dispositionCode> <offenseCode>4800</offenseCode><severityCode>3</severityCode> <dispositionCode>0</dispositionCode><offenseCode>2300</offenseCode> <severityCode>3</severityCode><dispositionCode>0</dispositionCode> <offenseCode>2600</offenseCode><severityCode>3</severityCode> <dispositionCode>0</dispositionCode></signature>

The parsed arrest cycle information includes an arrest date, court dateand a charge description count. Each charge is translated to an offensecode, severity code and disposition code.

Table 3 shows the signature for the arrest cycle identified in Table 1:

TABLE 3 SIGNATURE08078a07c60204b0040004b00400075407560208fc030008fc0300073e073e020dac

The signature is a compact character string that includes all of theinformation provided in the criminal history report. The signature iscomputer readable and can be used to generate a standardized criminalhistory report.

The signature can be stored for later comparison with a signature from alater time period. If the signature is to be stored, the information canbe encrypted to prevent unauthorized access.

The advantages of risk evaluation on a periodic basis are shown in FIGS.9A and 9B. Typically, a risk assessment is made when a securitycredential is issued (900). As shown in FIG. 9B, the risk 910 that theresult of an initial risk assessment could be inaccurate increases overtime. Thus, if the security credential is only reviewed upon expirationor renewal, important risk assessment information could be overlooked.

As shown in the diagram, risk evaluations can be scheduled 930 or theycan occur as new risk data is received 950. The risk evaluations appearas circular nodes 930, 950 on a diagram with a timeline and a risklevel. Thus, the screening manager can immediately evaluate the risklevels over time by reviewing the series of nodes 930, 950 which may beconnected by reference lines. The screening manager may also select oneof the nodes 930, 950 to display more detail about the risk evaluation.The additional detail may be displayed adjacent to the timeline or itmay open up a separate window to display the additional detail.

As mentioned above, a policy can be implemented to establish a periodicupdate or scheduled risk assessment 920. The scheduled risk assessmentreduces the risk that there could be signification changes in riskinformation that may change the result of a security or risk review.Risk assessments may also be performed through randomly on demand asneeded.

The system can also perform a real-time risk assessment 940. Sources ofrisk information are instructed to provide new risk information forparticular entities as it is produced. For example, a watch list orother data source may be updated. The updated risk information can beincorporated into new risk assessments 950 as the information isreceived. For example, an updated credit score or financial rating canbe forwarded as soon as it is generated. This information can then bedirectly compared to a previous risk assessment.

Additional process triggers may be used, such as, for example, based onwatch list updates or by on demand of the reviewer.

The updated risk assessment can also be used to produce a new signaturethat contains the risk information. The new signature is compared to anoriginal or previous signature. As shown in FIG. 10, if a change in risklevel is detected the classifications for change in risk may be may beexpressed as termed rankings, such as no issue 110, minor issue 120 orserious issue 130. referring to a non-serious event and “serious”referring to a serious event. These rankings may use visual indicatorssuch as green for no issue, yellow for minor issues 120 and red forserious issues.

FIG. 11 illustrates a method of identifying changes in risk information.In operation 1110, risk information, such as, for example, the criminalhistory report in Table 1 above, is parsed to produce separate elements.In operation 1120 the parsed elements are converted to numerical valuesand/or a hexadecimal code. In one embodiment, the hexadecimal code mayhave a “weighted” significance. For example, more serious events in thecriminal history can have a higher numerical value or a letter codeindicating the severity.

In another embodiment, the code appears to be a random sequence ofcharacters, however, the random sequence corresponds to weighted valuesthat are not disclosed without a particular authorization level. Thus,the record of coded characters can be stored and/or distributed whilethe underlying values remain confidential.

In operation 1130, the hexadecimal code for each separate element iscombined into a continuous character string. In operation 1140, ahashing function is applied to produce a risk signature. In oneembodiment, the hashing function is applied to encrypt the data. Inanother embodiment, the hash function generates fixed-length output datathat shortens reference to the continuous character string.

In one embodiment, the hashing function of operation 1140 is a one wayfunction or not invertible such that it is not possible to reconstructthe continuous character string from the risk signature.

In operation 1150, the risk signature is compared to a previouslygenerated risk signature. Any changes in the separate elements of riskdata will be apparent as a change in the risk signatures.

In operation 1160, the separate elements of risk information arecompared when there is a change in the risk signatures. In operation1170, changes in risk information are identified. These changes in riskinformation and/or a complete risk information report can be forwardedto an authorized user for further evaluation. In one embodiment, thehashing is omitted to produce the risk signature. Instead, thecontinuous character string is the risk signature that is used forcomparison.

The method described in FIG. 11 may be embodied in a computer system asillustrated in FIG. 12. The computer-based system includes a computer1210, which may be a computer server as described above.

The computer 1210 may include a data aggregation module 1230, a dataparsing module 1240, a signature production module 1250, and a memory150. The modules are not required to be on a single computer.

The data aggregation module 1230 may receive, at the computer,biographic information and risk information regarding the entityaccording to from biographic and risk data sources 1260 and 1270.

The data aggregation module 130 may receive, at the computer, riskinformation regarding the entity according to the personal informationfrom biographic and risk data sources 1260 and 1270.

The system 1200 may also include a data parsing module 1240 to separatethe risk information into discrete elements. A signature module 1250produces a continuous character string from the parsed risk information.The signature module 1250 and/or a comparison module may also be used tocompare the continuous character string to another continuous characterstring produced at a different time period.

As shown in the screenshot of FIGS. 13-22, a reviewer, such as, forexample, a case manager, can view a profile for a subject, such as aperson, in order to perform a risk assessment. Referring to FIG. 13, thereviewer can begin the initial screening based on the name and date ofbirth of the subject. A personal unique identification (PUID), thenumber of instances of recorded data, number of cases and number ofcredentials is displayed for a selected subject. Each instance ofrecorded data has a “citation” for purposes of data attribution suchthat every unique identity fact can be traced back to the raw riskinformation, a unique identity, and to any relatedcases/decisions/credentials that were based upon it. As shown in FIG.14, “Juan Jacksons” may be selected as the subject by the case manager.Information about the subject is provided according to the format of theMaster Identity Hierarchy. A number of tabs about the subject may beviewed by the reviewer, including a risk management report, identity,vetting, cases and credentials. The reviewer can then select asub-category, essentially drilling into the Master Identity Hierarchy toview information, such as, overview, biographic, residence, watchlistand criminality information.

In FIG. 14, the reviewer can select the overview tab to identify therecords available for the subject. These include initial registration, apersonal record and criminal records (rap sheets) that are linked to thesubject.

In FIG. 15, the reviewer may select the biographic information tab forthe subject. In the example shown, the subject has four (4) instances ofbiographic records with one of the records including a middle name(Carson). Data for the subject can be displayed to the case manager,including gender, date of birth, place of birth, social security number,height, weight, hair color and eye color. Each identity fact has acitation so that it can be traced to raw risk information. For example,information from a specific rap sheet may be cited in Biographic,Criminality and Citizenship categories.

In FIG. 16, the reviewer may select the residence tab to identify streetaddresses for the subject along with dates that the subject lived ateach address. The reviewer can move along a timeline to get an addressfor the subject at any given. The reviewer can also identify gaps in therecorded address based on any given time period.

In FIG. 17, the case manager may select the watchlist tab to viewwatchlist information for the subject. Watchlist information may includelists relating to Office of Foreign Assets Control (OFAC),nonproliferation sanctions, denied persons, unverified entities, andArms Export Control Act (AECA) debarment.

In FIG. 18, the case manager may access criminal record information byselection of the criminality tab. The criminal record information mayinclude criminal history reports from multiple sources. In the example,ten (10) separate criminal charge records are associated with thesubject, with multiple charges on some dates for a total of fourdifferent dates for listed offenses.

The screening manager has several options for visualizing the hierarchyview: expandable sections (FIGS. 19 & 20), the radial diagram (FIG.21-24), horizontal hierarchy (link chart that spans left to right), andvertical hierarchy (link chart that spans top to bottom). As shown inFIG. 19, the case manager can review an adjudication process for aperson. For example, the case manager may select a hierarchy view ofissues related to the adjudication, including the following: Allegianceto the U.S.; Foreign Influence; Foreign Preference; Sexual Behavior;Personal Conduct; Financial Considerations; Alcohol Consumption; DrugInvolvement; Emotional/Mental Disorders; Criminal Conduct; SecurityViolations and Outside Activities.

The hierarchy view provides the screening manager with statusinformation about the adjudication, which can show the following steps:Initiation; e-Screen; e-Adjudication; Assignment; h-Adjudication;h-Review; and Closure. The duration of each step and the number of tasksin each step can also be displayed. The result of the adjudication isalso displayed in red, yellow or green colors as rejected, unresolvedissues or approved, respectively. For example, the unresolved categoryis represented by an exclamation point inside a triangle colored yellow.The approved category is represented by a green arrow with the tippointed upward. The rejected category is represented by a red arrow withthe tip pointed downward.

In FIG. 20, the case manager can open categories of issues to reviewspecific disqualifying conditions. For example, the screening managercan review guidelines for (I) emotional/mental disorder issues that mayinclude disqualifying conditions, such as, for example, (a) behaviorthat casts doubt on reliability, (b) mental health opinions, and (c)failure to follow medical treatment advice.

The total number of issues is displayed and the condition status can bedisplayed in colors of red, yellow, green or grey. Each of the issueslisted as disqualifying conditions may be displayed as issue types thatinclude not applicable, pending, disqualifying, mitigated or historicalwhich are color coded as grey, yellow, red, green and light green,respectively.

In the illustration shown in FIG. 20, there are two issues for conditionc for failure to follow medical treatment under guideline I foremotional/mental disorders. One of the issues is displayed as rejectedunder the rejected symbol and the issue is displayed as unresolved underthe unresolved symbol. The condition status symbol is colored red.

There are also three issues identified as condition c which includesallegations or admissions of criminal conduct regardless of whether theperson was formally charged, prosecuted or convicted under guideline Jfor allegations of criminal conduct. One incident is identified as notapplicable under the N/A symbol, one incident is identified as approvedunder the green up-arrow symbol and one incident is identified asrequiring further research under the “book” symbol. The overallcondition status is identified as a green circle to indicate that thesubject is approved. The other condition status circles are greyed outsince no issue is present for those disqualifying conditions.

Referring to FIG. 21, the risk evaluation can be presented to thescreening manager as a polar graph with a series of concentric circles.The illustrated graph includes four concentric circles with radial linesemanating from the center to produce a series of partial circularsectors.

As explained in more detail below, the center circle acts as a visualindicator of the overall risk evaluation results as unresolved, rejectedor approved with a center that is yellow with a question mark, red witha large X mark, or green with a check mark, respectively. Thus, theoperator gets an immediate sense of the case from the center circle andthen can “drill down” to review specific issues. For reference to thedrawings the colors red, green, light green, yellow and grey arerepresented by the symbols R, G, Lg, Y and Gr, respectively.

For ease of explanation, components of FIGS. 21 and 22 are broken downand shown in FIGS. 23-25. In FIG. 21, the circular sector or circlesector (symbol: c), is the portion of a circle enclosed by two radii andan arc. If theta is the central angle in radians and r is the radius ofthe circle, then the area of a circular sector can be obtained bymultiplying the total area by the ratio of the arc length L to the totalperimeter.

Referring to FIGS. 23 and 24, a partial circular sector (or partialannulus) A_(ps) is the area of a circular sector A_(cs) bounded by theinner arc L₁ and outer arc L₂ of concentric circles.

Referring to FIG. 25, the inside of the first circle C1 represents astatus indicator. The circular sectors between circles C2 and C1represent guidelines, the circular sectors between circles C3 and C2represent conditions and the circular sectors between circles C4 and C3represent issues. The position of the guidelines, conditions and sectorsmay also be in reverse order with guidelines on the outermost circularsectors.

Referring again to FIG. 21, the status indicator C1 or case roll-up canbe colored or a symbol can be added to indicate status to the screeningmanager. For example, green indicates that the subject is approved,yellow indicates that a decision is pending and red indicates that thesubject is rejected. In terms of symbols, an “X”, “?” and “ ” canindicate rejected, pending and approved, respectively.

The status indicator represented by the inner or first circle (inside C1of FIG. 25) shows the screening manager that the case is currentlypending or unresolved with yellow shading in the inner ring and a “?”symbol. In the next set of circular sectors between the first ring andthe second ring (between C1 and C2 of FIG. 25), two guidelines that arerelevant to the subject are represented by circular sectors that arecolored green G and yellow Y. As a subset of the guideline (conditions),there is circular sector between the second ring and the third ring(between C2 and C3 of FIG. 25) that is green G and as a subset of theyellow guideline there is a yellow Y sector representing an unresolvedstatus of a condition.

On the outermost set of circular sectors (between C3 and C4 of FIG. 25)there are light green, green G and yellow circular sectors displayed asissues relevant to the green colored guideline. Yellow circular sectorsY are displayed as issues related to the yellow colored guideline.

FIG. 22 shows an example of a subject that has been denied a credentialunder particular risk assessment criteria. The status indicatorrepresented by the inner or first circle (inside C1 of FIG. 25) showsthe screening manager that the subject has been denied a credential byvirtue of a red color R in the inner ring and an “X” symbol.

In the next set of circular sectors between the first ring and thesecond ring (between C1 and C2 of FIG. 25), two guidelines that arerelevant to the subject are represented by circular sectors that arecolored green G and red Y. As a subset of the guideline, there iscircular sector between the second ring and the third ring (between C2and C3 of FIG. 25) that is green G and as a subset of the red coloredguideline there is a colored circular sector R representing a rejectedcondition status.

On the outermost set of circular sectors (between C3 and C4 of FIG. 25)there are light green Lg, green G and grey Gr circular sectors displayedas issues relevant to the green colored guideline. Yellow Y and red Rcircular sectors are displayed as issues related to the red coloredguideline.

Referring to FIGS. 27A and 27B, the screening manager can move a pointeror mouse over the colored sectors to display detailed information or adrop down menu associated with the particular guideline, condition orissue which are represented by three sets of concentric rings. The outerring represents guidelines, the middle ring represents conditions(disqualifying conditions) and the inner ring represents issuesassociated with the guidelines. The colors red, yellow and green arerepresented by dotted, cross hatched and diagonal lines, respectively.

The screening manager can place the pointer on the guideline colored redto display that the sector represents guidelines concerning variousaspects of criminal conduct. The screening manager can move in towardthe middle to look at any disqualifying conditions. The screeningmanager can then move to the inner most radial sectors to look at issuesor events of criminal conduct. The screening manager can select theradial sector to bring up a source document from a criminal dataprovider. For example, the source documents about the entity may beprovided by the National Crime Information Center (NCIC), the NationalLaw Enforcement Telecommunications System (NLETS), or the IntegratedAutomated Fingerprint Identification System (IAFIS). As another feature,when the screening manager may select an issue to make a text box appearwith more detailed information about the entity and several links tooriginal source documents.

The manager can click the “Hierachy” tab to exit the radial graph anddisplay the information in a hierarchy mode which displays informationin a list format such as that shown in FIG. 30A. In another embodiment,the manager has a “drill in” capability such that she can select aspecific radial arc to essentially update the image of the radialdiagram to the specific category/disqualifying condition selected. To goback up a level, the user can select the center node.

Referring to FIG. 28, a timeline may be illustrated with a chronology ofrisk evaluation. As the screening manager moves along the timeline hecan view the risk scores provided through continuous evaluations.

Referring to FIGS. 29A and 29B, a timeline is illustrated with threerisk evaluations or decision groups each representing a particular timeperiod. The decision groups are represented by vertical columns with thefirst vertical column (left side) including vertical segmentsrepresenting each of the guidelines, the second vertical column (middle)including vertical segments representing each disqualifying conditionand the third vertical column (right side) including vertical segmentsrepresenting each of the issues.

The screening manager has the option to display one or more of thevertical columns. For example, in FIG. 29B the display only shows singlevertical columns representing disqualifying conditions during eachevaluation time period.

FIGS. 30A-30E illustrate a risk “dashboard” and risk evaluations for aparticular subject. FIG. 30A shows a hierarchical view of the subject'scomplete profile including basic biographic information such as name,photograph, organization name, location, job role, department, businessunit and division. It also includes menus for information associatedwith licenses, education, active events, and historical events. Currentrisk rating for the subject is also displayed. The dashboard allows thescreening manager to access reports and other information about thesubject.

FIGS. 30 B-30E illustrate a risk timeline with risk level on the Y axisand a timeline on the X axis. The risk level includes a numerical riskscore from 800 to 0 with 800 being the lowest risk and 0 being thehighest risk. Nodes are displayed on the risk timeline that illustratethe numerical risk level at a particular time period. For example, thenodes illustrate risk levels of 800, 650, 550, and 500 on February 2016,May 2016, October 2016, and January 2017, respectively. A list of riskevents is also provided on display under categories of domestic,financial and criminal records.

The screening manager can select one of the nodes to illustrate adetailed evaluation chart. For example, selecting the node on February2016, the risk evaluation for that date appears next to the timeline inconcentric circles with the risk score of 800 at the center. The outerring represents risk categories and the inner ring represents riskevents associated with each category. Selecting the node for October2016 illustrates the risk evaluation on that date with the risk score of550 at the center. Selecting the nodes of May 2016 and January 2017illustrate the risk evaluations for those dates with risk scores of 650and 500 at the centers, respectively.

Referring to FIGS. 31A and 31B, risk data may also be visualized in linkor chord diagrams. FIG. 31A illustrates a link diagram for criminalinformation. Criminality data is linked to categories of Wants &Warrants, Criminal History and Booking. The Criminal History is liked tonine criminal records or events. The screening manager can select thenode for each of these records which are identified by dates. For theevent identified in September 1992, the subject was charged with fourcounts that are linked to the date for that event. Selecting any ofthese nodes also displays additional information about the specificcriminal count.

FIG. 31B illustrates a chord diagram with nine categories of informationfor a subject, including biographic, residences, criminality, education,employment, military, citizenship, biometrics and relatives. The diagramshows the records or events as being linked to more than one category.For example, a record for a related person may be linked to categoriesof residence and relatives and a rap sheet may be linked to categoriesof criminality and citizenship.

Unless defined otherwise, all technical terms used herein have the samemeaning as commonly understood by one of ordinary skill in the art towhich this invention belongs. Any methods and materials similar orequivalent to those described herein also can be used in the practice ortesting of the present disclosure.

It must be noted that as used herein and in the appended claims, thesingular forms “a”, “and”, and “the” include plural references unlessthe context clearly dictates otherwise.

While the present disclosure has been described with reference to thespecific embodiments thereof, it should be understood by those skilledin the art that various changes may be made and equivalents may besubstituted without departing from the true spirit and scope of theinvention. In addition, many modifications may be made to adopt aparticular situation, material, composition of matter, process, processstep or steps, to the objective spirit and scope of the presentdisclosure. All such modifications are intended to be within the scopeof the claims appended hereto.

1. A computer-implemented method for interactive visualization of a riskassessment for an entity on a graphical user interface of a computersystem, the method comprising: receiving, by the computer system,unstructured risk data associated with the entity from one or moresource; parsing, by the computer system, the unstructured risk data toproduce one or more risk information element during a time period;combining, by the computer system, each risk information element thatcomprises a single event or issue; categorizing, by the computer system,each event or issue by a class or category; generating, by a computerprocessor, a risk assessment for the entity from each one or moreclassified or categorized event or issue for each time period; andsimultaneously displaying, on the graphical user interface, a riskassessment for each time period on a risk timeline with a risk levelrepresented by a node on a first axis and a timeline on a second axis,and a risk report that includes detailed risk information for only onetime period, wherein simultaneously displaying the risk report for theone time period includes displaying the risk report for the one timeperiod in response to a user selection of the time period.
 2. Thecomputer-implemented method of claim 1, further comprising: receivinginput, through the graphical user interface, from the user of thegraphical user interface, the input corresponding to a cursor or pointerbeing positioned on the graphical user interface over the node on therisk timeline corresponding to the time period.
 3. Thecomputer-implemented method of claim 1, further comprising: receivinginput, through the graphical user interface, from the user of thegraphical user interface, the input corresponding to a cursor or pointerbeing used to select the node on the risk timeline corresponding to thetime period thereby displaying the detailed risk information for theselected time period.
 4. The computer-implemented method of claim 1,wherein simultaneously displaying the detailed risk information for theonly one time period further comprises displaying a total risk scorewith the detailed risk information for the time period.
 5. Thecomputer-implemented method of claim 1, simultaneously displaying thedetailed risk information for the only one time period comprisesdisplaying each event or issue during the time period and each class orcategory corresponding to the event or issue.
 6. Thecomputer-implemented method of claim 5, wherein displaying each event orissue during the time period and each class or category corresponding tothe event or issue comprises a hierarchical list of each event or issueas part of a set corresponding to each class or category.
 7. Thecomputer-implemented method of claim 1, simultaneously displaying thedetailed risk information for the only one time period comprisesdisplaying a category or classification and displaying each event orissue during the time period that corresponds to each category orclassification.
 8. The computer-implemented method of claim 7, whereindisplaying each event or issue during the time period further comprisesdisplaying each event or issue as part of a set that corresponds to eachcategory or classification.
 9. The computer-implemented method of claim7, wherein displaying the category or classification and displaying eachevent or issue comprises displaying a visual chart of the category orclassification and the corresponding event or issue.
 10. Thecomputer-implemented method of claim 9, wherein displaying the visualchart further comprises changing an appearance of the visual chart inresponse to a comparison to a risk threshold.
 11. Thecomputer-implemented method of claim 1, simultaneously displaying thedetailed risk information for the only one time period comprisesdisplaying a list of each event or issue during the time period.
 12. Acomputer-based system for assessing risks, the system comprising: astorage device to receive, at a computer, unstructured risk dataassociated with an entity from one or more source; a computer systemprocessor to parse the unstructured risk data to produce one or morerisk information element during a time period, combine each riskinformation element that comprises a single event or issue; categorizeeach event or issue by a class or category; generate a risk assessmentfor the entity from each one or more classified or categorized event orissue for each time period; and a graphical user interface tosimultaneously display the risk assessment for each time period on arisk timeline with a risk level on a first axis and a timeline on asecond axis, wherein each risk assessment for the time period isrepresented as a node having a risk score on the risk timeline, anddetailed risk information that corresponds to a selected node whereinthe detailed risk information includes each event or issue for the timeperiod.
 13. The computer-based system of claim 12, wherein the detailedrisk information further includes each class or category.
 14. Thecomputer-based system of claim 13, wherein display of the detailed riskinformation includes a visual representation of each event or issue forthe time period further comprises a bar chart, string chart or radialchart to represent each event or issue for the time period.
 15. Thecomputer based-system of claim 12, wherein the class or categorycomprises one or more of identifiers, fraud, relationships, background,social media, utility services, licenses, assets, business affiliations,political affiliations, death records, health records, informationtechnology policy and security, and/or human resources.
 16. Thecomputer-based system of claim 12, wherein the detailed risk informationfurther includes a chronological listing of each event or issue for thetime period that includes an entity name, a category or class, asub-category or sub-class, a record date and a risk severity descriptor.17. The computer-based system of claim 16, wherein the display of thechronological listing further includes one or more source identifier forthe event or issue.
 18. The computer-based system of claim 12, furthercomprising: receiving input, through the graphical user interface, froma user of the graphical user interface, in response to the displaying ofthe risk assessment for each time period on a risk timeline on thegraphical user interface, the input corresponding to a cursor or pointerbeing positioned by the user of the graphical user interface over thenode for the time period displayed on the graphical user interface; andin response to the input received through the graphical user interfacefrom the user of the graphical user interface, displaying the detailedrisk information that corresponds to the selected node for the timeperiod.
 19. A computer-implemented method for interactive visualizationof a risk assessment for an entity on a graphical user interface of acomputer system, the method comprising: receiving, by the computersystem, unstructured risk data associated with the entity from one ormore source; parsing, by the computer system, the unstructured risk datato produce one or more risk information element during a time period;combining, by the computer system, each risk information element thatcomprises a single event or issue; categorizing, by the computer system,each event or issue by a class or category; generating, by a computerprocessor, a risk assessment for the entity from an aggregated analysisof each one or more classified or categorized event or issue for eachtime period; displaying, on the graphical user interface, the riskassessment for each time period on a risk timeline with a risk levelrepresented by a node on a first axis and a timeline on a second axis;receiving a selection input, through the graphical user interface, inresponse to the displaying of the risk assessment for each time periodon the risk timeline on the graphical user interface, the selectioninput corresponding to a cursor or pointer being positioned over thenode for the time period displayed on the graphical user interface; andin response to the selection input, displaying in an adjacent window, onthe graphical user interface, a risk report that includes detailed riskinformation for a selected one time period, wherein displaying the riskreport for the time period includes displaying a detailed list of eachclassified or categorized event or issue for the time period.
 20. Thecomputer-implemented method of claim 19, wherein the risk report furthercomprises a graphical display of each issue or event for the time periodwherein the relative size of the displayed issue or event corresponds toa risk level relative to an overall risk score for the time period. 21.The computer-implemented method of claim 20, wherein the risk reportfurther comprises an itemized list of each issue or event for the timeperiod, the itemized list comprising a risk level, a category or classfor the issue or event, and a sub-category or sub-class for the issue orevent.